-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Jul 2021 19:03:02 +0200 Source: aspell Binary: aspell aspell-dbgsym libaspell-dev libaspell15 libaspell15-dbgsym libpspell-dev Architecture: arm64 Version: 0.60.7~20110707-6+deb10u1 Distribution: buster-security Urgency: high Maintainer: arm Build Daemon (arm-arm-04) Changed-By: Thorsten Alteholz Description: aspell - GNU Aspell spell-checker libaspell-dev - Development files for applications with GNU Aspell support libaspell15 - GNU Aspell spell-checker runtime library libpspell-dev - Development files for applications with pspell support Closes: 991307 Changes: aspell (0.60.7~20110707-6+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2019-17544 It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. . [ Agustin Martin Domingo ] * CVE-2019-25051 (Closes: #991307) objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow Checksums-Sha1: 8ab88fba47be5e773387606ce1f76173f703f796 540424 aspell-dbgsym_0.60.7~20110707-6+deb10u1_arm64.deb 26e2f3981a6eab8f2e6e4ba548b2eec68d9d4d1b 7475 aspell_0.60.7~20110707-6+deb10u1_arm64-buildd.buildinfo 2137963df8fe3b322c1e62f7833e9f8ef59ac110 221744 aspell_0.60.7~20110707-6+deb10u1_arm64.deb be6bdd0611a343e0242f6987317cd93952898dec 32864 libaspell-dev_0.60.7~20110707-6+deb10u1_arm64.deb c4387714e3236464bc80d5c387f89cf4f0666a23 2736860 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_arm64.deb bfb956b678231815c1b3ce5a2995d0282dab8192 299460 libaspell15_0.60.7~20110707-6+deb10u1_arm64.deb 76d8c34f91d4ab80c90c61fa726df2fdc2837741 29948 libpspell-dev_0.60.7~20110707-6+deb10u1_arm64.deb Checksums-Sha256: 86017dffb39dcdae52e9c5936fed1c97635eb4fc0e200b69048c4347ea2d121f 540424 aspell-dbgsym_0.60.7~20110707-6+deb10u1_arm64.deb c873f9fbed7c7c1953f3de6d70f847a5ae6d7e8408accfdaedbad623c01a306d 7475 aspell_0.60.7~20110707-6+deb10u1_arm64-buildd.buildinfo fe29e315a758081ba04942e64ec73fcd9957fbc014b8cc2111b97905845b492c 221744 aspell_0.60.7~20110707-6+deb10u1_arm64.deb 0a619cc63b7331fc3e8428aa58b8b8b8e9653ce6e02dc42a6c300405f94a94da 32864 libaspell-dev_0.60.7~20110707-6+deb10u1_arm64.deb 81dbbf550597064b92ce06ad6936c4a2a22ca1df34a6e6bc1298f06106ecc4d8 2736860 libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_arm64.deb bde7b939e569be9014b3b5f08f01fe2e67f902e02f7bb25149126fc036729ac9 299460 libaspell15_0.60.7~20110707-6+deb10u1_arm64.deb 9c4c10b85ee0d694bbb4b2f995e0810fb051580c98c20c46def18796315e3b8f 29948 libpspell-dev_0.60.7~20110707-6+deb10u1_arm64.deb Files: 2dababce793d881a16218b5a0ed65c6e 540424 debug optional aspell-dbgsym_0.60.7~20110707-6+deb10u1_arm64.deb 52ab798de2eb4d9513861a25aec1840c 7475 text optional aspell_0.60.7~20110707-6+deb10u1_arm64-buildd.buildinfo 7973da40817e17c42553324f3b3502b6 221744 text optional aspell_0.60.7~20110707-6+deb10u1_arm64.deb e6bd5ed094704d7dc3945c4e1a6f15af 32864 libdevel optional libaspell-dev_0.60.7~20110707-6+deb10u1_arm64.deb b4c792825ae6da85c2c715c083ce7d73 2736860 debug optional libaspell15-dbgsym_0.60.7~20110707-6+deb10u1_arm64.deb 14b48546aaf83fb39df47b96e35f76c7 299460 libs optional libaspell15_0.60.7~20110707-6+deb10u1_arm64.deb 3bef319bc8a19f99c8de4e42d088fc36 29948 libdevel optional libpspell-dev_0.60.7~20110707-6+deb10u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGFZGCBbRr4pxWlfP0mfhJswyuHsFAmEEiskACgkQ0mfhJswy uHuiNg/9Eo6C7BhyosX14ECmCMAN8agtlcNrq9zvaHDpKftNuqtSgwDRgBNty9hs ZRI5L3R3C+QNBeqHOM32HXjvkWeTWEU74P0SyboUlVvSAhfWw3T7C1HWqpzj0Ayg X3Fm421EiRO6il4ioW9ZX6r0Avfxi6k/4luNY7GZwGRDw4zLqPW8XfSuO61x+ivF ykbVnPOm+sAACyV4wc+Q381LpM3fscfjS4tR4vu/uPha7I0KKHjv0HsDbzZwpim+ 3kZOzziMxoNvsCqqalhNxMmORx+E8bIbArhyKiOuW6958wztdeWsDyt8tRdMdYEd k/MkKFpeY+OHsrEmoqUw61xz9M2weHB/mwDlxOSSsf9dP/1GaaLrvgPkkLPvvN3X ozjMmDoNwMl7Ay6l5VH4/BNKPrdgVL6JH7oFGpuYw5lEvSnaaQo8+4vZebIQ1Soo vsRjDmzmW+FCZk8VURp+Fz/WwkbVHHReoHemQaK6+glTczdFeQk2NZViSaXjaIk2 jATfKz7jcZXNL78mWRxRplzC13teHZgexnWHDeVu7hf96uVoTuei56cm7Vi1ILMR vEn+rHzrC5go9d84TIaYBdUDMPVjg8ezHLh0ce7kxdto5b2mPQTu8z8bXI9f6RRH MWakcTJlsBOduO2DMNWipyZzWZnQChyKHW6EvEI+cQCweYjnmq8= =FGBg -----END PGP SIGNATURE-----